Privacy Policy

Effective May 23, 2026. This policy describes how Beach Street Labs LLC ("we," "us," "ClearedToFile") collects, uses, and protects data processed through the ClearedToFile platform.

What we collect

When a campaign treasurer uploads bank statements, bookkeeping exports, or filed reports, we parse those files into structured transaction rows: date, amount, direction (debit or credit), and memo text. We also store:

Institution name (e.g. "Mercury," "Chase Business")
Account label chosen by the treasurer (e.g. "Primary Operating")
Last four digits of the account number
Upload metadata: who uploaded, when, source file hash (SHA-256), parser used, row count

What we never store

Full bank account numbers
Routing numbers
Bank login credentials (usernames, passwords, MFA seeds)
Raw uploaded files after parsing completes — original PDFs, CSVs, and spreadsheets are purged from durable storage once parsed; only the SHA-256 hash and metadata survive

How we use your data

We use uploaded data for one purpose: reconciling campaign finance filings against bank activity and generating a materiality-scored verdict (green, yellow, or red). We do not sell data. We do not use it for advertising. We do not build behavioral profiles.

Who sees what

Committees see their own data only. There is no cross-tenant access by design.

State ethics commissions see the filed report (which is already public), the reconciliation verdict, and summary-level counts and dollar deltas. The state never receives raw bank transactions, ledger entries, bank statement files, or account identifiers — unless the committee explicitly opts into a drill-down view.

Bank aggregator data

When bank-linking features are available, ClearedToFile uses third-party aggregators (such as Plaid) to pull transaction data directly from your bank via OAuth. Your bank login credentials are entered at your bank's site, never on ours. Aggregator access tokens are encrypted at rest with per-tenant envelope keys. We do not subscribe to routing or full-account-number products.

Data retention

Source files are purged after parsing. Transaction rows and reconciliation results are retained for the duration of your account. SHA-256 hashes and upload audit records are retained indefinitely as part of the integrity audit trail.

Security

Data is encrypted in transit (TLS 1.3) and at rest. Access is role-gated and scoped per organization. See our Security page for the full custody and integrity model.

Changes to this policy

We may update this policy as the product evolves. Material changes will be communicated to active users. The effective date at the top of this page reflects the most recent revision.

Contact

Questions about this policy? Reach us at codewavesfl@gmail.com.